http://qs321.pair.com?node_id=72423


in reply to Random, Unique, but Simple session ID

The unique_id() function I use (pieced together from the Camel, Randal's suggestions, and elsewhere) is:
sub unique_id() { # Use Apache's mod_unique_id if available return $ENV{UNIQUE_ID} if exists $ENV{UNIQUE_ID}; require MD5; # ** Note ** This is intended to be unique, not unguessable. my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$)); $id =~ tr|+/=|-_.|; # make non-word characters URL friendly return $id; }

By using hexhash instead of base 64 you're also more likely to come up with ID that are safe to use (read, "no funny characters that might do something bad")

Replies are listed 'Best First'.
Re: Re: Random, Unique, but Simple session ID
by merlyn (Sage) on Apr 14, 2001 at 04:32 UTC
    # ** Note ** This is intended to be unique, not unguessable. my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$)); $id =~ tr|+/=|-_.|; # make non-word characters URL friendly
    Uh, that tr never fires there. hexhash always generates hex chars. Perhaps you're confusing this with the base64 versions that I was trying to steer the other petitioner around.

    -- Randal L. Schwartz, Perl hacker